New Cyberattacks Hit Ukraine, Russia
RFE/RL October 24, 2017
A cyberattack on October 24 targeted a major Ukrainian international airport, the Kyiv subway ticketing system, and three Russian media outlets.
The attack came just four months after the "NotPetya" malware spread from two countries across the world.
Ukraine's Computer Emergency Response Team (CERT) said a new wave of hacks was targeting the country, and called on transportation networks to be on high alert.
"We ask the owners of telecommunication systems, other information resources, transport infrastructure first of all, as well as ordinary Internet users, to comply with stricter cybersecurity requirements," CERT said in a statement.
Odesa's international airport said that its information system stopped functioning in the afternoon.
It said in a statement, "We report that the IT system of Odesa international airport has been hit by a hacker attack. All services of the airport are working in a reinforced security regime."
Its website showed air traffic going in and out of the Black Sea resort city according to schedule.
Also on October 24, the Kyiv subway wrote on Facebook that its computer system was attacked by hackers and informed clients that card payment for services was temporarily impossible.
Ukraine's Central Bank said the banking system was working normally.
Ukraine suspects Russia is behind regular attacks on its computer systems, but Moscow denies any involvement.
In Russia, the Interfax news agency -- one of the country's biggest -- also sent its last dispatch at 2:13 p.m. local time before falling silent.
Yevgeny Gukov, a Moscow-based cybersecurity expert from Moscow, said the Fontanka news site in Russia's second city of Saint Petersburg and a third media outlet "whose name, unfortunately, we cannot reveal at this time" had also gone off line.
"We cannot say what it is at the moment," said Gukov, who works for the Group-IB IT security firm.
Gukov said the malware appeared to be using an encryption scheme that prevented analysts from deciphering the malicious code.
Group-IB later issued a statement saying the cyberattack appeared to have its origins in Russia and had also hit corporate sites in Turkey and Germany.
"This ransomware infects devices through a number of hacked Russian media websites," Group-IB said.
"Based on our investigation, this has been a targeted attack against corporate networks, using methods similar to those used during the [NotPetya] attack."
The "NotPetya" attack, which took place in July, was a modified version of the "Petya" ransomware that hit last year. "Petya" demanded money from victims in exchange for the return of their computer data.
With reporting by Reuters and AFP
Copyright (c) 2017. RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave., N.W. Washington DC 20036.
|Join the GlobalSecurity.org mailing list|